* gnu/packages/patches/ghostscript-CVE-2020-15900.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/ghostscript.scm (ghostscript)[source](patches): Add it.
		
			
				
	
	
		
			36 lines
		
	
	
	
		
			1.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			36 lines
		
	
	
	
		
			1.1 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| Fix CVE-2020-15900.
 | |
| 
 | |
| https://cve.circl.lu/cve/CVE-2020-15900
 | |
| https://artifex.com/security-advisories/CVE-2020-15900
 | |
| 
 | |
| Taken from upstream:
 | |
| https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
 | |
| 
 | |
| diff --git a/psi/zstring.c b/psi/zstring.c
 | |
| --- a/psi/zstring.c
 | |
| +++ b/psi/zstring.c
 | |
| @@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
 | |
|      return 0;
 | |
|  found:
 | |
|      op->tas.type_attrs = op1->tas.type_attrs;
 | |
| -    op->value.bytes = ptr;
 | |
| -    r_set_size(op, size);
 | |
| +    op->value.bytes = ptr;				/* match */
 | |
| +    op->tas.rsize = size;				/* match */
 | |
|      push(2);
 | |
| -    op[-1] = *op1;
 | |
| -    r_set_size(op - 1, ptr - op[-1].value.bytes);
 | |
| -    op1->value.bytes = ptr + size;
 | |
| -    r_set_size(op1, count + (!forward ? (size - 1) : 0));
 | |
| +    op[-1] = *op1;					/* pre */
 | |
| +    op[-3].value.bytes = ptr + size;			/* post */
 | |
| +    if (forward) {
 | |
| +        op[-1].tas.rsize = ptr - op[-1].value.bytes;	/* pre */
 | |
| +        op[-3].tas.rsize = count;			/* post */
 | |
| +    } else {
 | |
| +        op[-1].tas.rsize = count;			/* pre */
 | |
| +        op[-3].tas.rsize -= count + size;		/* post */
 | |
| +    }
 | |
|      make_true(op);
 | |
|      return 0;
 | |
|  }
 |